CVE-2020-1712

NameCVE-2020-1712
DescriptionA heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3063-1
Debian Bugs950732

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
systemd (PTS)jessie, jessie (lts)215-17+deb8u15fixed
stretch (security)232-25+deb9u14fixed
stretch (lts), stretch232-25+deb9u17fixed
buster, buster (lts)241-7~deb10u11fixed
buster (security)241-7~deb10u10fixed
bullseye247.3-7+deb11u5fixed
bullseye (security)247.3-7+deb11u6fixed
bookworm252.30-1~deb12u2fixed
sid, trixie256.7-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
systemdsourcewheezy(unfixed)end-of-life
systemdsourcejessie(not affected)
systemdsourcestretch232-25+deb9u14DLA-3063-1
systemdsourcebuster241-7~deb10u4
systemdsource(unstable)244.2-1950732

Notes

[jessie] - systemd <not-affected> (Vulnerable code introduced later)
https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e (preparation)
https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59 (preparation)
https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab (preparation)
https://github.com/systemd/systemd/commit/f4425c72c7395ec93ae00052916a66e2f60f200b (preparation)
https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54 (introduce new API)
https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb (use new function to fix CVE-2020-1712)
https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation)
https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation)
Introduced by https://github.com/systemd/systemd/commit/70244d1d25eb80b57e160ea004d0e6bf793d4caf (v220)
https://bugzilla.redhat.com/show_bug.cgi?id=1794578
https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
https://www.openwall.com/lists/oss-security/2020/02/05/1

Search for package or bug name: Reporting problems